PT-2025-49753 · Linux · Linux Kernel

Published

2023-02-02

Updated

2026-02-24

CVE-2023-53862

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696

Description The Linux kernel contains a flaw within the hfs module related to reference counting of hfs bnode structures. Specifically, a missing call to hfs bnode get() after finding a node in hfs bnode create leads to a premature decrement of the reference count in hfs bnode put(), triggering a kernel BUG. This occurs during file write operations, potentially impacting system stability. The issue was identified through Syzbot testing and involves a path where a node is allocated, used, and then its reference count is incorrectly decremented to zero before it is fully utilized. The vulnerable code is located in fs/hfs/bnode.c.

Recommendations Update the Linux kernel to a version after 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2026-01456

CVE-2023-53862

SUSE-SU-2026:0263-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Linux Kernel

PT-2025-49753 · Linux · Linux Kernel

CVE-2023-53862

Weakness Enumeration

Related Identifiers

Affected Products

References · 1119